implement AuthenticateUser use case
input validation: email + password required. constructs EmailAddress value object (BadRequest on bad format). looks up user; absent or password-mismatch -> UnauthorizedException with constant 'invalid credentials' message (no enumeration leak). password verified through PasswordHasher->verify against stored hash on the User entity (no separate profile lookup -> tide keeps password on the user row). returns the User entity for the caller (typically CreateSession + AuthController). 27 tests pass.
This commit is contained in:
parent
2731e610e5
commit
5b74e9d76a
2 changed files with 65 additions and 0 deletions
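--- /dev/null
+++ b/App/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+use App\Auth\PasswordHasher;
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use App\User\UserRepository;
+use InvalidArgumentException;
+
+class AuthenticateUser
+{
+    public function __construct(
+        private UserRepository $userRepo,
+        private PasswordHasher $hasher,
+    ) {}
+
+    /**
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     */
+    public function execute(AuthenticateUserRequest $request): User
+    {
+        if ($request->email === null || $request->email === '') {
+            throw new BadRequestException('email is required');
+        }
+        if ($request->password === null || $request->password === '') {
+            throw new BadRequestException('password is required');
+        }
+
+        try {
+            $email = new EmailAddress($request->email);
+        } catch (InvalidArgumentException $exception) {
+            throw new BadRequestException($exception->getMessage());
+        }
+
+        $user = $this->userRepo->findByEmail($email);
+        if ($user === null) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        $passwordMatches = $this->hasher->verify(
+            $request->password,
+            $user->getPasswordHash(),
+        );
+        if (! $passwordMatches) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        return $user;
+    }
+}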
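Review bot: The constant 'invalid credentials' message on the two `throw new UnauthorizedException` lines does not close the enumeration leak the description claims, because `$this->hasher->verify` only runs when `findByEmail` returns a user: an unknown email is rejected before any hashing while a known one pays the full verify cost, and that timing difference is measurable by a remote caller. Run the hasher on both paths by verifying against a fixed dummy hash when the user is absent, then reject on either condition, as sketched below. The dummy hash has to be in the format `PasswordHasher` produces (a hash of a throwaway string, e.g. held in a private property filled in the constructor); that class is not visible here, so how to obtain it needs confirming. The `InvalidArgumentException` message from `EmailAddress` is also forwarded verbatim to the client via `BadRequestException` — fine if it is a constant string, but worth checking that it does not echo the raw input. The file additionally lacks `declare(strict_types=1);`.
```php
$user = $this->userRepo->findByEmail($email);

// Run the hasher on every attempt so an unknown email costs the same as a
// wrong password; skipping it lets response time reveal registered accounts.
$storedHash = $user?->getPasswordHash() ?? $this->dummyHash;
$passwordMatches = $this->hasher->verify($request->password, $storedHash);

if ($user === null || ! $passwordMatches) {
    throw new UnauthorizedException('invalid credentials');
}

return $user;
```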
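--- /dev/null
+++ b/App/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+class AuthenticateUserRequest
+{
+    public function __construct(
+        public ?string $email,
+        public ?string $password,
+    ) {}
+}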
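Review bot: The request DTO leaves both properties public and mutable, so the credential strings can be reassigned by anything holding the object between the controller and `execute`; marking them `public readonly ?string $email` / `public readonly ?string $password` (and the class `final`) fixes the values at construction. `readonly` needs PHP 8.1, while the constructor promotion already in use only implies 8.0, so confirm the target version before applying. `declare(strict_types=1);` is also missing after `<?php`.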